skills/jellydn/my-ai-tools/pickup/Gen Agent Trust Hub

pickup

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs directory listing using the ls command to display available handoff files to the user for selection.
  • [PROMPT_INJECTION]: The skill processes content from external markdown files in the .claude/handoffs/ directory and follows the instructions contained therein, creating a surface for indirect prompt injection.
      • Ingestion points: Reads file content from the local .claude/handoffs/ directory.
      • Boundary markers: No delimiters or isolation warnings are used to separate the external file content from the agent's logic.
      • Capability inventory: The skill is limited to reading files and interacting with the user; it does not possess network or high-privilege execution capabilities.
      • Sanitization: There is no evidence of instruction sanitization or validation of the content read from handoff files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 5, 2026, 06:05 PM